Moderate severity · NVD Advisory · Published Dec 12, 2022 · Updated Apr 22, 2025
CVE-2022-41881
Description
The Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, parsing a malformed, crafted message can trigger infinite recursion and raise a StackOverflowError. This issue is patched in version 4.1.86.Final. There is no workaround other than using a custom HAProxyMessageDecoder.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.netty:netty-codec-haproxy (Maven) | < 4.1.86.Final | 4.1.86.Final |
Affected products
27 affected products. osv-coords (26 versions):

| Package URL | CPE | Affected range |
|---|---|---|
| pkg:apk/chainguard/apache-nifi | (no CPE) | < 2.6.0-r2 |
| pkg:apk/chainguard/apache-nifi-compat | (no CPE) | < 2.6.0-r2 |
| pkg:apk/chainguard/apache-nifi-toolkit | (no CPE) | < 2.6.0-r2 |
| pkg:apk/chainguard/stargate | (no CPE) | < 1.0.78-r2 |
| pkg:apk/wolfi/apache-nifi | (no CPE) | < 2.6.0-r2 |
| pkg:apk/wolfi/apache-nifi-compat | (no CPE) | < 2.6.0-r2 |
| pkg:apk/wolfi/apache-nifi-toolkit | (no CPE) | < 2.6.0-r2 |
| pkg:maven/io.netty/netty-codec-haproxy | (no CPE) | < 4.1.86.Final |
| pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.4 | (no CPE) | < 4.1.90-150200.4.14.1 |
| pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.5 | (no CPE) | < 4.1.90-150200.4.14.1 |
| pkg:rpm/opensuse/netty&distro=openSUSE%20Tumbleweed | (no CPE) | < 4.1.114-1.1 |
| pkg:rpm/opensuse/netty-tcnative&distro=openSUSE%20Leap%2015.4 | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/opensuse/netty-tcnative&distro=openSUSE%20Leap%2015.5 | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 | (no CPE) | < 4.1.90-150200.4.14.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Enterprise%20Storage%207 | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Enterprise%20Storage%207.1 | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4 | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 | (no CPE) | < 2.0.59-150200.3.10.1 |
| pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 | (no CPE) | < 2.0.59-150200.3.10.1 |
References
- github.com/advisories/GHSA-fx2c-96vj-985v (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-41881 (ghsa, ADVISORY)
- www.debian.org/security/2023/dsa-5316 (ghsa, vendor-advisory, WEB)
- github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2023/01/msg00008.html (ghsa, mailing-list, WEB)
- security.netapp.com/advisory/ntap-20230113-0004 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20230113-0004/ (mitre)